From 10b0444eacee8e54c947a88b1cc27252666fe14c Mon Sep 17 00:00:00 2001
From: Mateja <mail@matejamaric.com>
Date: Tue, 27 Jul 2021 19:16:14 +0200
Subject: Protect API endpoint for showing paid orders.

---
 server/routes/api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routes/api.js b/server/routes/api.js
index cf1d2d6..b680b70 100644
--- a/server/routes/api.js
+++ b/server/routes/api.js
@@ -17,7 +17,7 @@ router.post('/products', isAuth, isAdmin, upload.single('image'), productsContro
 router.patch('/products/:id', isAuth, isAdmin, upload.single('image'), productsController.update);
 router.delete('/products/:id', isAuth, isAdmin, productsController.destroy);
 
-router.get('/transactions/paid', transactionController.showPaid);
+router.get('/transactions/paid', isAuth, isAdmin, transactionController.showPaid);
 router.post('/transactions/setup', transactionController.setup);
 router.post('/transactions/capture', transactionController.capture);
 
-- 
cgit v1.2.3